Month: July 2011

ChiliProject 1.5.1 Released

ChiliProject 1.5.1 has just been released. This is a security release that fixes two security bugs in ChiliProject 1.5.0. It contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 2.1.0. It is suitable for use on production websites running ChiliProject 1.x and we highly recommend that 1.x users download the release.

Download ChiliProject 1.5.1

What’s included

1.5.1 includes 2 security fixes that were backported from ChiliProject 2.1.0.

  • Bug #536: CSRF Protection
  • Bug #544: XSS in app/views/issues/show.rhtml

Contributors to 1.5.1

I’d like to thank all of the contributors to the 1.5.1 release.

  • Eric Davis
  • Holger Just
  • Jan Schulz-Hofen
  • Joernchen of Phenoelit

I would especially like to thank Joernchen of Phenoelit and Jan Schulz-Hofen for reporting the security bugs to us through the correct channels.

If you think you have found a security bug in ChiliProject please report it to the security team privately so we can follow responsible disclosure.

What’s Next?

The 1.x versions of ChiliProject are officially in maintenance mode and will only be getting security updates from now on. We recommend upgrading to the current stable version of ChiliProject, currently ChiliProject 2.1.0, in order to get general bug fixes and features.

Download ChiliProject 1.5.1

ChiliProject 2.1.0 Released

ChiliProject 2.1.0 has just been released. It includes many bug fixes for ChiliProject 2.0.0 as well as two security bugfixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

Download ChiliProject 2.1.0

What’s included

2.1.0 includes 4 new features and 15 bug fixes for 2.0.0. The major highlights of this release are:

  • Fix for a potential XSS vulnerability on the issue details page
  • Stronger protection from CSRF attacks (CVE-2011-0447)

The full list of changes is below:

  • Bug #191: Add Next/Previous links to the top of search results
  • Bug #467: uninitialized constant Journal::Journaled
  • Bug #498: Wrong filters for int and float custom fields
  • Bug #511: Encoding of strings coming out of SQLite
  • Bug #512: reposman.rb do not work properly in Gentoo Linux.
  • Bug #513: Attached files in “comment” no longer link to file
  • Bug #514: Multiple emails for each forum post
  • Bug #523: Gzipped history of wiki pages is garbeled during an update of an older version to 2.0
  • Bug #530: Start date default should consider timezone
  • Bug #536: CSRF Protection
  • Bug #537: Accessing version of newly created WikiContent results in NoMethodError
  • Bug #540: Hook helper_issues_show_detail_after_setting gets different parameters in Chili 1.x and 2.0
  • Bug #542: Double initial journal for migrated wiki history
  • Bug #543: Journalized touch on journal update causes StaleObjectErrors
  • Bug #544: XSS in app/views/issues/show.rhtml
  • Feature #499: Due date sort order should sort issues with no due date to the end of the list
  • Feature #506: Support for “local” Gemfile – Gemfile.local
  • Feature #526: Bulgarian translation
  • Feature #539: Remove dead code in IssueHelper

Contributors to 2.1.0

I’d like to thank all of the contributors to the 2.1.0 release.

  • Eric Davis
  • Felix Schäfer
  • Gregor Schmidt
  • Holger Just
  • Ivan Cenov
  • Jan Schulz-Hofen
  • Joernchen of Phenoelit

I would especially like to thank Joernchen of Phenoelit and Jan Schulz-Hofen for reporting the security bugs to us through the correct channels.

If you think you have found a security bug in ChiliProject please report it to the security team privately so we can follow responsible disclosure.

Upgrading

The upgrading and installation documentation has already been updated for 2.1.0. If you have not yet upgraded to ChiliProject 2.0.0, make sure to follow the upgrading instructions in the release notes.

What’s Next?

This is the second release in our 2.0.0 series so we will continue to support it with monthly bugfix releases until around December 2011. Around that time the next major ChiliProject version will be released (3.0.0). The development team is getting ready to work on the major features for ChiliProject 3.0.0 now. The first one I’m going to work on will be a new theme and layout based on the popular theme from Shane and Peter.

If you’re interested in participating or contributing to ChiliProject, please leave a comment below or post to our forums. Now is a great time to start contributing to the project and we would love to have your help with all aspects of ChiliProject.

In closing, go and download ChiliProject 2.1.0 now.

ChiliProject 2.0.0 Released

Here in the US we are starting our Independence Day weekend. It isn’t normal to give gifts during this holiday but I have a special treat for the ChiliProject community tonight.

ChiliProject 2.0.0 has been released.

The development team has been working hard on this release since February and with the help and support of the community, we’ve finally finished the release candidate process. 2.0.0 is a major release and we’ve done many upgrades to the code.

Please be sure to read this entire announcement carefully (especially the Upgrade section), as there are some important instructions in here.

What’s included

2.0.0 includes 17 new features and 45 bug fixes over 1.5.0. The major highlights of this release are:

The full list of changes is below:

  • Bug #262: Fix line endings
  • Bug #341: Remove English strings from RepositoriesHelper
  • Bug #343: Review Gantt and Calender links from 07cf681
  • Bug #345: Entering large numbers for ‘Estimated Time’ fails with ‘Invalid big Decimal Value’
  • Bug #346: I18n YAML files not parsable with psych yaml library
  • Bug #383: Fix broken tests in unstable caused by conflicting to_utf8 method names
  • Bug #389: Context menu doesn’t work in Opera
  • Bug #390: mysql2 incompatibility in WikiPage model
  • Bug #397: FIXME in generalize_journals migration
  • Bug #398: Remove helper calls from IssuesController
  • Bug #400: Review and fix the Activity event types
  • Bug #401: Move JournalsHelpers from aaj to the core
  • Bug #403: [AAJ] Attachment has it’s files and documents activity provider removed but only documents added
  • Bug #404: Move aaj/app/* to core
  • Bug #405: Move aaj/test/* to core
  • Bug #406: Check for missing Journal code from the AAJ merge
  • Bug #407: Add Journal#visible
  • Bug #408: Check IssueTest#test_saving_twice_should_not_duplicate_journal_details
  • Bug #409: [AAJ] Check that bugfix 784bbccf was merged
  • Bug #411: Issue Notes Preview
  • Bug #412: Test errors on 1.9.2 after acts_as_journalized merge
  • Bug #413: Test errors on 1.8.6 after acts_as_journalized merge
  • Bug #414: Remove returning since it causes deprecation warnings
  • Bug #415: Wikipages don’t store/show the comment correctly
  • Bug #419: Issue list context menu not working in IE9
  • Bug #422: cvs test are not working
  • Bug #423: Remove explicit render from WikiController#show
  • Bug #437: Encoding error on Ruby 1.9 in pdf exports
  • Bug #441: Creating a Journal does not update the journaled record’s updated_at/on attribute
  • Bug #442: Issue atom feed shows “issue creation” journal, didn’t before
  • Bug #443: IssuesControllerTest.test_show_atom test failure on 1.9.2
  • Bug #444: ChangesetTest and RepositoryGitTest test failures on 1.9.2
  • Bug #445: Track initial attributes in a Journal when created
  • Bug #453: Update to Rails 2.3.12 to fix some bugs
  • Bug #466: SVN: Apache initialization error
  • Bug #467: uninitialized constant Journal::Journaled
  • Bug #468: Lost WIKI history timestamps during 2.0.0rc1 upgrade.
  • Bug #469: Wong URL for WIKI activity entries in 2.0.0rc2
  • Bug #474: Changesets are displaying the wrong user and commit date in the Activity
  • Bug #475: News, docs, changesets and time activities were not migrated to 2.0.0rc2
  • Bug #477: Getting rid of “rake/rdoctask is deprecated.” warning
  • Bug #479: Generalize Journals migrations does too much
  • Bug #480: Issue Journal replies get ignored
  • Bug #493: uninitialized constant TimeEntryJournal
  • Bug #501: Updating a ticket that was created by email forces a “change” of description
  • Bug #503: 2.0.0RC3 – YAML Parser fails in ruby 1.9
  • Feature #112: Provide a library function to detect the database type used
  • Feature #123: Review and Merge acts_as_journalized
  • Feature #196: Upgrade to Rails 2.3-latest
  • Feature #197: Rake task to manage copyright inside of source files
  • Feature #216: Remove the rubygems hack from boot.rb
  • Feature #217: Remove the hack to require a specific i18n version in boot.rb
  • Feature #269: Refactor lib/redmine/menu_manager.rb to increase extensibility
  • Feature #279: Optional start date on Versions
  • Feature #288: Review latest Redmine commits
  • Feature #289: Switch to helper :all
  • Feature #290: Add bundler
  • Feature #310: Option to skip mail notifications on issue updates
  • Feature #350: Setting model should use Rails.cache instead of class variable
  • Feature #416: Refactor watcher_tag and watcher_link to use css selectors for the replace action
  • Feature #436: Clean up trailing whitespace and tabs
  • Feature #462: pt-BR translation update
  • Feature #473: pt-BR translation fix
  • Task #123: Review and Merge acts_as_journalized
  • Task #197: Rake task to manage copyright inside of source files
  • Task #288: Review latest Redmine commits
  • Task #291: Update documentation to phase out Ruby 1.8.6
  • From Redmine v1.1.2
    • Defect #3132: Bulk editing menu non-functional in Opera browser
    • Defect #6090: Most binary files become corrupted when downloading from CVS repository browser when Redmine is running on a Windows server
    • Defect #7280: Issues subjects wrap in Gantt
    • Defect #7288: Non ASCII filename downloaded from repo is broken on Internet Explorer.
    • Defect #7317: Gantt tab gives internal error due to nil avatar icon
    • Defect #7497: Aptana Studio .project file added to version 1.1.1-stable
    • Defect #7611: Workflow summary shows X icon for workflow with exactly 1 status transition
    • Defect #7625: Syntax highlighting unavailable from board new topic or topic edit preview
    • Defect #7630: Spent time in commits not recognized
    • Defect #7656: MySQL SQL Syntax Error when filtering issues by Assignee’s Group
    • Defect #7718: Minutes logged in commit message are converted to hours
    • Defect #7763: Email notification are sent to watchers even if ‘No events’ setting is chosen
    • Feature #7608: Add “retro” gravatars
    • Patch #7598: Extensible MailHandler
    • Patch #7795: Internal server error at journals#index with custom fields

Contributors to 2.0.0

I’d like to thank all of the contributors to the 2.0.0 release.

  • Adam Soltys
  • Ales Zabala Alava
  • Alessio Franceschelli
  • Artem Naluzhnyy
  • Beat Jörg
  • Behrang Noroozinia
  • Ben Gunter
  • Claudio Acciaresi
  • Enderson Maia
  • Eric Davis
  • Etienne Massip
  • Felix Schäfer
  • Gary Verhaegen
  • Gregor Schmidt
  • Holger Just
  • Jean-Philippe Lang
  • Jens Ulferts
  • Jim Naslund
  • Jun NAITOH
  • MAEDA, Go
  • Michal Gebauer
  • Price M
  • Rodrigo Rosenfeld Rosas
  • Simon COURTOIS
  • Tim Felgentreff
  • Tom Kersten
  • Toshi MARUYAMA
  • Wieland Lindenthal
  • Yuki Sonoda
  • Yuya Nishihara
  • and everyone in the ChiliProject community

Upgrading

The upgrading and installation documentation has already been updated for 2.0.0 but I want to mention three major points with this upgrade.

Back up your database… seriously

There are some major data changes in this release, so make sure you back up your database before even attempting the upgrade. The database migration process has been tested by many people but there is always a chance that there will be unexpected bugs we haven’t discovered. A full database backup will give you the option to roll back and undo the upgrade if problems arise.

Give the upgrade time to run

Also due to the data changes, the database migration part of the upgrade could take a long time to run. I’ve personally seen it take 30 and 40 minutes to finish. One user (with a ton of data) reported it taking 4 hours to complete. If you want a rough estimate of how long the migration will take, we found that it takes 1 minute per 1,000 records in the journals table.

Tip: I’d recommend that you run the upgrade in a screen session (or similar) so you can detach from it without stopping the process.

Save a list of any ERROR messages

The upgrade code will do its best to convert your old history to the new format but there might be some non-critical errors that are printed to the console. They will be prefixed by “Error” and will have a message like “Error saving: IssueJournal#123 – Start date is invalid”. The upgrade process will automatically continue past these minor errors but you should save a list of them for us to review after the upgrade. Many of them can be safely ignored but I’d like to review the others to make sure there aren’t any bugs in the upgrade. Please start a new thread in the forum and post a copy of any errors you see so we can review them for you.

What’s Next?

This is the first release in our 2.0.0 series so we will continue to support it with monthly bugfix releases until around December 2011. Around that time the next major ChiliProject version will be released (3.0.0). Since everyone has been working so hard on getting 2.0.0 out, we will be holding off on some of the major features for 3.0 in order to help support everyone through the 1.x -> 2.0.0 upgrade process.

If you’re interested in participating or contributing to ChiliProject, please leave a comment below or post to our forums. Now is a great time to start contributing to the project and we would love to have your help with all aspects of ChiliProject. Personally, I’m going to be working on a new design for 3.0.0 and I’d love to work with some web designers to guide the design.

In closing, go and download ChiliProject 2.0.0 now.